Healthcare sector reviewed in cyber-crime report

Welcome, Login

Brought to you by the editors of Healthcare IT News and Healthcare Finance News, EHRWatch.com offers news, commentary and community participation on the developments in electronic health records in one place. Topics covered include practice, funding, product integration, standards developments and trends in the implementation of electronic health records.

EHRs in the news

Canadian clinic makes personal health data available to patients

Intermountain measures total radiation

Mostashari: Beacons 'taught us'

EHR mastery proves elusive for many

More Headlines

The Health Record Review
by Jeff Rowe, Editor

Healthcare sector reviewed in cyber-crime report

Posted on Mon, Oct 29, 2012 - 03:04 pm

The term “cyber-crime” has a real dramatic ring to it, and, no doubt, there are specific types of cyber-crime that have far-reaching effects.

But a newly released series of industry-by-industry snapshots of cyber-crime demonstrates once again that a lot of healthcare-related cyber-crime could be easily prevented.

The document in question is the "Verizon 2012 and 2011 Data Breach Investigations Reports," and it consists of “snapshots” of a number of industries, including financial services, healthcare, retail and hospitality.

What stands out about the healthcare findings is the straightforward, almost predictable patterns of activity on the part of would-be cyber thieves.

As the Executive Summary puts it, “We see repeated throughout healthcare breaches: 1) attackers targeting point of sale (POS) systems and other assets in the payment chain, or 2) the physical theft and loss of devices (from which we may assume the value of the hardware is the intent). While protecting medical devices and records is a critical part of operating in the healthcare industry, organizations cannot lose sight of other assets being targeted by attackers."

Some of the reports other healthcare findings include:

· Most of the breaches within the health care sector fell into the small to medium business category (one to 100 employees), and outpatient care facilities such as medical and dental offices comprised the bulk of these.

· Attacks were almost entirely the work of financially motivated organized criminal groups, which typically attack smaller, low-risk targets to obtain personal and payment data for various fraud schemes.

· Most attacks involved hacking and malware and often focused on point of sale (POS) systems. However, the health care industry also needs to protect medical devices and electronic health records.

Perhaps most importantly:

· The majority of breaches can be prevented with some small and relatively easy steps, including change in administrative passwords on all POS systems; implementing a firewall; avoiding using POS systems to browse the Web; and making certain the POS is a PCI DSS (Payment Card Industry Data Security Standard) compliant application.

The full report can be found here.

Photo by bclinesmith via Creative Commons

jrowe's blog
Login or register to post comments

Resources

Peer Benchmarking Report on Providers' Progress Toward EMR Scanning

Lahey Clinic's EMR Transition Accelerated

IDC Health Insight's Moving From Paper to Electronic Health Records: Optimizing the Transition

» More Resources

EHRWatch.com Poll

Did you use a consultant for an EHR implementation project?

Yes

100%

Total votes: 2

Featured Video

Tom Tsang, MD, Aaron McKethan, PhD, and Craig Brammer from the Office of the National Coordinator, and the Beacon Communities give an overview of the Beacon Community Program in this video from the ONC website.

Menu Navigator

Welcome, Login

EHRs in the news

Healthcare sector reviewed in cyber-crime report

Resources

EHRWatch.com Poll

Featured Video

Latest Twitter Activity

Menu Footer